CVE-2018-9149

MEDIUM Year: 2018
CVSS v3 Score
6.8
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-798
View all →

Vulnerability Description

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.

Related Vulnerabilities

CVE-2018-12323

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at th...

CWE-7982018

CVE-2018-17767

MEDIUM
CVSS:6.8(Medium)

Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.

CWE-7982018

CVE-2019-10688

MEDIUM
CVSS:6.8(Medium)

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between...

CWE-7982019

CVE-2019-3983

MEDIUM
CVSS:6.8(Medium)

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.

CWE-7982019

CVE-2019-4675

MEDIUM
CVSS:6.8(Medium)

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compo...

CWE-7982019

CVE-2019-4694

MEDIUM
CVSS:6.8(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication t...

CWE-7982019